This guide will walk a user through how to serve encrypted traffic from the StackPath CDN to end-users while pulling content from an Origin over an unencrypted connection.
Encryption from the CDN may be done regardless of which protocol your origin is using, HTTP or HTTPS, but this guide specifically walks through origins that do not support the use of HTTPS.
If you are looking for a guide to set up SSL on an already HTTPS origin, please look here.
When a user requests content from the StackPath CDN, the content is served from our servers, not the site's origin. A separate connection is opened from the CDN to the origin when an origin request is made. This behavior gives StackPath the opportunity to treat the two requests separately. The CDN can connect to the end-user via HTTPS and the Origin via HTTP, or vice-versa.
How to set up HTTPS
First, verify you have integrated your CDN Site so website traffic passes through the StackPath CDN servers over an unencrypted (HTTP) connection. Now, install a certificate on the StackPath Control Panel and set Origin Pull Policy to only send requests to your origin over HTTP (port 80).
Setting up SSL on the CDN
- Request a free SSL certificate or upload a custom certificate. If you select the option to generate a free dedicated SSL by Sectigo, you will be prompted to select which subdomains you'd like covered as well. Make sure to add any subdomains you will want covered to the Delivery Domains section prior to generating an EdgeSSL.
- When choosing "Generate", you will be prompted to add a new CNAME record to your DNS account with the provided values.
- Upon creating the CNAME, your request will be checked for verification and final CA Signing and should show as trusted within a few minutes.
Set Origin Pull Protocol to HTTP only
- Navigate to Sites > Website Domain > Settings
- Change Origin > Pull Protocol to HTTP only
Clear your page cache and verify that delivery is happening over HTTPS. When done correctly, this setup will allow your end-users to make requests towards your domain over both ports 443 (HTTPS) and 80 (HTTP) while the CDN will only connect to the Origin over 80 (HTTP).
Verify HTTPS is working
Your primary page and all assets should now only deliver over HTTPS. The following will show you how to verify this is the case.
- Navigate to your home page. Confirm all Images, Fonts, and JS/CSS are loading.
- Confirm through your browser Inspector that all assets from your domain are delivering over HTTPS. Depending on your browser, this is indicated by a lock icon, https:// preceding your URL, or a protocol field.
- Check your browser Console to verify there are no blocked content errors.
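The same check can be run against the page's HTML before opening a browser. The script below is an added example, not StackPath code; `find_mixed_content`, the sample markup and the `www.example.com` URLs are constructed for illustration. It lists the assets an HTTPS page still references over `http://`, which is what shows up as blocked content errors in the Console.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Elements whose URL attribute makes the browser fetch a subresource.
FETCH_ATTR = {"script": "src", "iframe": "src", "img": "src", "link": "href"}
# Mixed Content categories: blockable requests are refused on an HTTPS page;
# upgradeable ones are retried over HTTPS or loaded with a warning.
BLOCKABLE = {"script", "iframe", "link"}

class AssetCollector(HTMLParser):
    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.assets = []  # (tag, absolute URL)

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        url = attrs.get(FETCH_ATTR.get(tag, ""))
        if not url:
            return
        rels = (attrs.get("rel") or "").lower().split()
        if tag == "link" and "stylesheet" not in rels:
            return  # only stylesheet links are checked; rel="canonical" fetches nothing
        # Resolve relative and protocol-relative URLs against the page URL.
        self.assets.append((tag, urljoin(self.page_url, url.strip())))

def find_mixed_content(page_url, html):
    """Return (tag, url, category) for each asset an HTTPS page loads over HTTP."""
    if urlsplit(page_url).scheme != "https":
        raise ValueError("page_url must be the HTTPS delivery URL")
    collector = AssetCollector(page_url)
    collector.feed(html)
    return [(tag, url, "blockable" if tag in BLOCKABLE else "upgradeable")
            for tag, url in collector.assets
            if urlsplit(url).scheme == "http"]

# Constructed sample: markup as an HTTP-only origin might emit it.
SAMPLE_URL = "https://www.example.com/"
SAMPLE_HTML = """<link rel="canonical" href="http://www.example.com/">
<link rel="stylesheet" href="http://www.example.com/css/site.css">
<script src="//www.example.com/js/app.js"></script>
<img src="/img/logo.png">
<img src="http://www.example.com/img/banner.jpg">
<iframe src="http://www.example.com/widget.html"></iframe>"""

if __name__ == "__main__":
    for tag, url, category in find_mixed_content(SAMPLE_URL, SAMPLE_HTML):
        print(f"{category:12} <{tag}> {url}")
```

Relative and protocol-relative URLs inherit the page's scheme, so only the hard-coded `http://` references are reported; those need to be changed in the origin's markup.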
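After the prior conditions are validated, your site will always deliver properly to customers as secure content. In this configuration, only the connection between the end-user and the CDN is encrypted; requests from the CDN to the origin still travel over unencrypted HTTP (port 80). If you have any further questions or concerns, please contact our 24/7 support staff.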